According to an embodiment, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise determining that an endpoint device has requested to discover a location of a protected resource that is protected by a gateway, determining whether the endpoint device has provided a token that is valid, and permitting the endpoint device to discover the location of the protected resource based on determining that the endpoint device has provided the token that is valid. The token indicates that the endpoint device successfully completed a first multi-factor authentication procedure in connection with accessing an authentication enforcement resource.
Legal claims defining the scope of protection, as filed with the USPTO.
3. The system of claim 1, wherein the first authentication factor is based on verifying a login credential of the user of the endpoint device.
6. The system of claim 1, wherein permitting the endpoint device to discover the location of the protected resource comprises communicating a resource-relay mapping to the endpoint device.
7. The system of claim 1, wherein the system provides a Zero Trust access model that requires the endpoint device to establish a minimum level of trust in order for the endpoint device to discover the location of the protected resource.
8. The system of claim 1, wherein the endpoint device is permitted to discover the location of the protected resource without requiring the endpoint device to establish a secure tunnel with the gateway.
9. The system of claim 1, wherein the first multi-factor authentication procedure is performed independently of the gateway.
12. The method of claim 10, wherein the first authentication factor based on verifying a login credential of the user of the endpoint device.
17. The one or more computer-readable non-transitory storage media of claim 15, wherein the first authentication factor based on verifying a login credential of the user of the endpoint device.
20. The one or more computer-readable non-transitory storage media of claim 15, wherein permitting the endpoint device to discover the location of the protected resource comprises communicating a resource-relay mapping to the endpoint device.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
October 21, 2021
June 4, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.